Why you might be interested?
Create a secure API boilerplate which can be consumed by any client (web & mobile app)
If you want to skip the process here you can find the result: https://github.com/danielcrt/laravel5.7-passport-dingo-api-boilerplate
The setup is inspired by ChristophSchmidl’s boilerplate available here: https://github.com/ChristophSchmidl/laravel-5.4-dingo-passport-boilerplate
Install Laravel: https://laravel.com/docs/5.7/installation#installing-laravel
Add Dingo API to composer.json (find latest version here: https://github.com/dingo/api/releases):
"require": {
...
"dingo/api": "2.0.0-alpha1"
}
Put Dingo\Api\Provider\LaravelServiceProvider::class into the providers array of config/app.php
Run php artisan vendor:publish --provider="Dingo\Api\Provider\LaravelServiceProvider"
Put 'DingoApi' => Dingo\Api\Facade\API::class, 'DingoRoute' => Dingo\Api\Facade\Route::class into aliases array of config/app.php
Update .env file and insert: API_PREFIX=api
API_VERSION=v1
Install CORS. Using this you can handle Cross-Origin Resource Sharing headers and OPTIONS requests.
Run: php artisan vendor:publish --provider="Barryvdh\Cors\ServiceProvider"
Make CORS available to all routes. You can change that behaviour by updating app/Http/Kernel.php and put \Barryvdh\Cors\HandleCors::class into your middleware array.
Move the User-model from app into namespace App\Models and adjust all config files (if any) so everything works as before.
In config/auth.php update:
'providers' => [
'users' => [
'driver' => 'eloquent',
'model' => App\Models\User::class,
],
...
],
Install Passport via composer require laravel/passport
Register PassportServiceProvider by adding Laravel\Passport\PassportServiceProvider::class to the providers array of config/app.php
Run php artisan vendor:publish --tag=passport-migrations to put the default Passport migrations into database/migrations folder.
Run php artisan migrate
If you receive: “Specified key was too long; max key length is 767 bytes”
Open app/Providers/AppServiceProvider.php and inside the boot method set a default string length:
use Illuminate\Support\Facades\Schema;
public function boot() {
Schema::defaultStringLength(191);
}
Run php artisan passport:install This command will create the encryption keys needed to generate secure access tokens. In addition, the command will create “personal access” and “password grant” clients which will be used to generate access tokens.
Add Laravel\Passport\HasApiTokens to App\Models\User
Thanks to ChristophSchmidl we have some nicely crafted controllers and transformers which we will just describe in few words. You can find them on github.
Under app/Http/Controllers/Api/V1 we create a custom Controller named DingoController which will throw all Laravel exceptions and validation errors to our API responses. You can also find there a LoginController and a RegisterController which validate the input and return the responses.
Under app/Http we have created a folder named Transformers. These are meant to convert your Eloquent objects (eg. User) to a custom JSON which is sent in your API response.
In app/Providers We have DingoExceptionHandlerProvider which handles the HTTP errors related to authentication (eg. 401, 403) and DingoPassportServiceProvider validates the Authorization header.
And finally in routes/api.php you can see some defined routes for Login, Register and Logout.
Thanks for reading by here!
If you have any questions or improvements please let us know in comments section.